From: Aki Tuomi Date: Tue, 13 Feb 2024 07:58:04 +0000 (+0200) Subject: lib-dcrypt: Support ChaCha20-Poly1305 with OpenSSL3 X-Git-Tag: 2.4.0~1773 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c41b140fbd2096e5265ec8a50194dc711af14bb;p=thirdparty%2Fdovecot%2Fcore.git lib-dcrypt: Support ChaCha20-Poly1305 with OpenSSL3 --- diff --git a/src/lib-dcrypt/dcrypt-openssl3.c b/src/lib-dcrypt/dcrypt-openssl3.c index 976a36c520..b497ebb824 100644 --- a/src/lib-dcrypt/dcrypt-openssl3.c +++ b/src/lib-dcrypt/dcrypt-openssl3.c @@ -101,6 +101,11 @@ #define IS_ED_CURVE(nid) \ ((nid) == NID_ED25519 || (nid) == NID_ED448) +#if !defined(OBJ_chacha20_poly1305) && defined(LN_chacha20_poly1305) +# define OBJ_CHACHA20_POLY1305_MISSING +static ASN1_OBJECT *CHACHA20_POLY1305_OBJ = NULL; +#endif + struct dcrypt_context_symmetric { pool_t pool; const EVP_CIPHER *cipher; @@ -3415,7 +3420,14 @@ dcrypt_openssl_oid2name(const unsigned char *oid, size_t oid_len, dcrypt_openssl_error(error_r); return NULL; } +#ifdef OBJ_CHACHA20_POLY1305_MISSING + if (OBJ_cmp(obj, CHACHA20_POLY1305_OBJ) == 0) + name = LN_chacha20_poly1305; + else + name = OBJ_nid2sn(OBJ_obj2nid(obj)); +#else name = OBJ_nid2sn(OBJ_obj2nid(obj)); +#endif ASN1_OBJECT_free(obj); return name; } @@ -3429,6 +3441,12 @@ dcrypt_openssl_name2oid(const char *name, buffer_t *oid, const char **error_r) return dcrypt_openssl_error(error_r); size_t len = OBJ_length(obj); +#ifdef OBJ_CHACHA20_POLY1305_MISSING + if (len == 0 && strcasecmp(name, LN_chacha20_poly1305) == 0) { + ASN1_OBJECT_free(obj); + obj = OBJ_dup(CHACHA20_POLY1305_OBJ); + } else +#endif if (len == 0) { *error_r = "Object has no OID assigned"; return FALSE; @@ -4138,11 +4156,17 @@ void dcrypt_openssl_init(struct module *module ATTR_UNUSED) { dovecot_openssl_common_global_ref(); dcrypt_set_vfs(&dcrypt_openssl_vfs); +#ifdef OBJ_CHACHA20_POLY1305_MISSING + CHACHA20_POLY1305_OBJ = OBJ_txt2obj("1.2.840.113549.1.9.16.3.18", 1); +#endif } void dcrypt_openssl_deinit(void) { dovecot_openssl_common_global_unref(); +#ifdef OBJ_CHACHA20_POLY1305_MISSING + ASN1_OBJECT_free(CHACHA20_POLY1305_OBJ); +#endif } #endif